README.md added

2025-08-02 20:24:39 +02:00 · 2025-05-28 19:01:12 +02:00
parent 0eecfbfb35
commit 296bfd258c
1 changed files with 215 additions and 10 deletions
--- a/wolfcrypt/src/port/tropicsquare/README.md
+++ b/wolfcrypt/src/port/tropicsquare/README.md
@@ -1,20 +1,225 @@
-# tropic01 callbacks
+# wolfSSL TROPIC01 Secure Element Integration Guide
-
+
-
+![wolfSSL+TROPIC01](https://img.shields.io/badge/wolfSSL-TROPIC01-blue) 
-
+
-## How to build:
+
-
+Integration guide for using Tropic Square's TROPIC01 secure element with wolfSSL/wolfCrypt cryptography library.
-1. Build libtropic project with all dependencies for the targeted platfrom (for example, Raspberry Pi 3/4/5). Preferably all static targets must be built with -fPIC option
+
-2. Goto wolfssl main folder 
+## Table of Contents
-3. ./autogen.sh
+- [wolfSSL TROPIC01 Secure Element Integration Guide](#wolfssl-tropic01-secure-element-integration-guide)
-4. ./configure --with-tropic01=/home/pi/git/libtropic --enable-cryptocb --enable-static --disable-crypttests --disable-examples --disable-shared
+  - [Table of Contents](#table-of-contents)
-Note. Please replace '/home/pi/git/libtropic' with an absolute path to your libtropic folder if necessary 
+  - [TROPIC01 Secure Element with an open architecture](#tropic01-secure-element-with-an-open-architecture)
-5. make
+  - [Hardware Overview](#hardware-overview)
-6. the built library should be in ./wolfssl/src/.libs/libwolfssl.a
+    - [TROPIC01 Specifications](#tropic01-specifications)
-
+    - [Available Evaluation and Development Kits](#available-evaluation-and-development-kits)
-## How to use:
+    - [Get samples](#get-samples)
-
+  - [Build Configuration](#build-configuration)
-
+    - [Pre-requirements](#pre-requirements)
    - [Keys installation](#keys-installation)
    - [Build TROPIC01 SDK (libtropic)](#build-tropic01-sdk-libtropic)
    - [Build wolfSSL](#build-wolfssl)
    - [Build test application](#build-test-application)
 ## TROPIC01 Secure Element with an open architecture
 The TROPIC01 secure element is built with tamper-proof technology and advanced attack countermeasures to ensure robust asset protection, securing electronic devices against a wide range of potential attacks. It securely supplies and stores the cryptographic keys of embedded solutions.
 The TROPIC01 datasheet is available via [this link](https://www.nxp.com/docs/en/application-note/AN12570.pdf)
 ## Hardware Overview
 ### TROPIC01 Specifications
 - **Crypto Accelerators**:
  - Elliptic curve cryptography
  - Ed25519 EdDSA signing
  - P-256 ECDSA signing
  - Diffie-Hellman X25519 key exchange
  - Keccak based PIN authentication engine
 - **Tamper Resistance**:
  - Voltage glitch detector
  - Temperature detector
  - Electromagnetic pulse detector
  - Laser detector
  - Active shield
 - **Interface to Host MCU/MPU**: 
  - SPI
  - Encrypted channel with forward secrecy 
 - **Entropy Source**:
  - Physically Unclonable Function (PUF)
  - True Random Number Generator (TRNG)
 ### Available Evaluation and Development Kits 
 - USB Stick with TROPIC01 ([here](https://github.com/tropicsquare/tropic01?tab=readme-ov-file#usb-stick-with-tropic01))
 - Raspberry PI shield ([here](https://github.com/tropicsquare/tropic01?tab=readme-ov-file#rpi-shield-ts1501)) 
 - Arduino shield ([here](https://github.com/tropicsquare/tropic01?tab=readme-ov-file#arduino-shield-ts14))
 ### Get samples
 To get samples and DevKits, please fill in [this form](https://tropicsquare.com/tropic01-samples#form)
 ## Build Configuration
 ### Pre-requirements
 1. Install toolchain (incl. compiler or cross-compiler). For example,  GNU Toolchain (gcc) or ARM cross compiling toolchain (armv8-rpi3-linux-gnueabihf) 
 2. Install CMake and Autotools 
 3. Install Git client
  Some guideline for RPi is [here](https://earthly.dev/blog/cross-compiling-raspberry-pi/)
 Also, for Raspberry PI there are a few more steps:
 1.  In raspi-config go to "Interface Options" and enable SPI
 2.  Install wiringPI:
 ```sh
 $ sudo apt update
 $ sudo apt install wiringpi
 ```
 ### Keys installation
 For the integration with wolfSSL there are a few pre-defined slots for the secure keys storage (the slots mapping might be changed in tropic01.h):
 ```sh
 TROPIC01_AES_RMEM_SLOT_DEFAULT 1 // slot in R-memory for AES key 
 TROPIC01_ED25519_PUB_RMEM_SLOT_DEFAULT 2 // slot in R-memory for ED25519 Public key  
 TROPIC01_ED25519_PRIV_RMEM_SLOT_DEFAULT 3 //slot in R-memory for ED25519 Private key
 TROPIC01_ED25519_ECC_SLOT_DEFAULT 1 // slot in ECC keys storage for both public and private keys
 PAIRING_KEY_SLOT_INDEX_0 0 //pairing keys slot
 ```
 All R-memory based keys must be pre-provisioned in the TROPIC01 Secure Element separately. For example, it might be done with libtropic-util tool available [here] (https://github.com/tropicsquare/libtropic-util)
 ### Build TROPIC01 SDK (libtropic)
 wolfSSL uses the "TROPIC01 SDK" (aka libtropic) to interface with TROPIC01. This SDK can be cloned from the TropicSquare GitHub https://github.com/tropicsquare/libtropic
 Once the repo was downloade, please follow [this guidline](https://github.com/tropicsquare/libtropic/blob/master/docs/index.md#integration-examples) on how to configure and build TROPIC01 SDK
 or simply run the following commands:
 ```sh
  $ git clone https://github.com/tropicsquare/libtropic.git
  $ cd libtropic
  $ mkdir build && cd build
  $ cmake -DLT_USE_TREZOR_CRYPTO=1 ..
  $ make
 ```
 ### Build wolfSSL
 To compile wolfSSL with TROPIC01 support using Autoconf/configure:
 ```sh
 $ cd wolfssl
 $ ./autogen.sh
 $ ./configure --with-tropic01=PATH --enable-cryptocb --enable-static --disable-crypttests --disable-examples --disable-shared --enable-ed25519
 $ make
 $ sudo make install
 ```
 where PATH is an absolute path to the libtropic folder, for example 
    --with-tropic01=/home/pi/git/libtropic
 for the debugging output, add 
    --enable-debug
 ### Build test application
 The test application for Raspberry Shield and USB stick can be cloned from the TropicSquare GitHub https://github.com/tropicsquare/tropic01-wolfssl-test
 To build and run the test application, please run the next commands
 ```sh
 $ git clone git@github.com:tropicsquare/tropic01-wolfssl-test.git
 $ cd tropic01-wolfssl-test
 ```
 if necesary open and edit Makefile in this folder
 set correct values for CC and LIBTROPIC_DIR variables, for example:
    CC = gcc  
    LIBTROPIC_DIR = /home/pi/git/libtropic
 then run the following commands to build and run test application for USB stick:
 ```sh
 $ make
 $ ./lt-wolfssl-test
 ```
 or for Raspberry PI shield (make sure you fulfield all prerequirements first):
 ```sh
 $ make RPI_SPI =1
 $ ./lt-wolfssl-test
 ```
 In case of success the output of the test application should look like this:
 ```sh
 wolfSSL Crypto Callback Test Application
 ========================================
 wolfSSL Entering wolfCrypt_Init
 TROPIC01: Crypto device initialized successfully
 wolfCrypt initialized successfully
 Registering crypto callback with device ID 481111...
 Crypto callback registered successfully
 RNG_HEALTH_TEST_CHECK_SIZE = 128
 sizeof(seedB_data)         = 128
 TROPIC01: CryptoCB: SEED generation request (52 bytes)
 TROPIC01: GetRandom: Requesting 52 bytes
 TROPIC01: GetRandom: Completed with ret=0
 TROPIC01: CryptoCB: RNG generation request (32 bytes)
 TROPIC01: GetRandom: Requesting 32 bytes
 TROPIC01: GetRandom: Completed with ret=0
 Generated 32 random bytes:
 94F589E8 9C59B5A2 C8426FB6 9C548623
 358551CE 07238D37 EBF7FEE5 42BEB299
 RNG test completed successfully
 AES test starting:
 TROPIC01: CryptoCB: AES request 
 TROPIC01: Get AES Key: Retrieving key from slot 1
 TROPIC01: Get AES Key: Key retrieved successfully
 Plain message:
 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 
 Encrypted message:
 89 44 11 3E 2E 07 52 9C CB 5F B1 70 7E 9C 42 D6 
 AES test completed successfully
 ED25519 COMPREHENSIVE TESTING SUITE
 === Ed25519 Key Generation Test ===
 ✓ Ed25519 key structure initialized successfully
 TROPIC01: CryptoCB: RNG generation request (32 bytes)
 TROPIC01: GetRandom: Requesting 32 bytes
 TROPIC01: GetRandom: Completed with ret=0
 ✓ Ed25519 key pair generated successfully
 Generated Public Key (32 bytes):
 5D28BB98 AF86844E 5C2D48B6 473EA116
 0A98B568 3313915D 1565C540 AA3EB250
 ✓ Ed25519 key generation test completed successfully
 === Ed25519 Message Signing Test ===
 DEV_ID: 481111
 TROPIC01: CryptoCB: RNG generation request (64 bytes)
 TROPIC01: GetRandom: Requesting 64 bytes
 TROPIC01: GetRandom: Completed with ret=0
 Test Message (64 bytes):
 000CD9C2 0FA2E218 67737744 4550F217
 5082408B 9F21F92B 06A570C4 C18AA073
 1B23836F 1CDC760B 7242F8A7 83B8EC9A
 BF9E6D84 2E605AA1 0A168E88 FDEF38DA
 TROPIC01: CryptoCB: ED25519 signing request
 TROPIC01: Get ECC Key: Retrieving key from slot 3
 TROPIC01: Get ECC Key: Key retrieved successfully
 ✓ Message signed successfully
 Signature length: 64 bytes
 Generated Signature (64 bytes):
 AE4B42CF 46F8F369 4F559390 0EDDA701
 A73A562B 3D03F429 8706309D 63E2120B
 82B2A91F 6D7A7519 0CD62215 CABE3183
 433F4125 2CC017EB BD1E59A1 4A22CC09
 ✓ Ed25519 message signing test completed successfully
 wolfSSL Entering wolfCrypt_Cleanup
 ```